From 552f1f2070953ed117ce7abe4261961c8899e248 Mon Sep 17 00:00:00 2001
From: Michael Krotscheck
Date: Fri, 4 Mar 2016 07:43:58 -0800
Subject: [PATCH] Moved CORS middleware configuration into set_defaults
The default values needed for trove's implementation of cors middleware have been moved from paste.ini into a common set_defaults method, invoked on load. Unlike similar patches on other services, this patch does not include config-generation hooks, as trove doesn't use them yet.
Change-Id: Id8e04249498f63e42dadcacbd2c08b525adc0958
Closes-Bug: 1551836
---
 etc/trove/api-paste.ini | 3 --
 etc/trove/trove.conf.sample | 65 ++++++++++++++++++++++++-------------
 trove/cmd/api.py | 3 ++
 trove/common/cfg.py | 26 +++++++++++++++
 4 files changed, 71 insertions(+), 26 deletions(-)
diff --git a/etc/trove/api-paste.ini b/etc/trove/api-paste.ini
index f7cac61ecd..ea3612b937 100644
--- a/etc/trove/api-paste.ini
+++ b/etc/trove/api-paste.ini
@@ -22,9 +22,6 @@ paste.filter_factory = trove.common.auth:AuthorizationMiddleware.factory
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = trove
-latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
-latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
-latent_allow_methods = GET, PUT, POST, DELETE, PATCH
 [filter:contextwrapper]
 paste.filter_factory = trove.common.wsgi:ContextMiddleware.factory
diff --git a/etc/trove/trove.conf.sample b/etc/trove/trove.conf.sample
index 8df5d7dfea..47066e5f1b 100644
--- a/etc/trove/trove.conf.sample
+++ b/etc/trove/trove.conf.sample
@@ -262,35 +262,54 @@ api_strategy = trove.common.strategies.cluster.experimental.vertica.api.VerticaA
 [cors]
 #
-# Options defined in oslo_middleware.cors.CORS.
-# This entire section is optional.
+# From oslo.middleware.cors
 #
-# The default protocol, domain, and port from which HTTP requests are
-# permitted.
-# allowed_origin=https://localhost:443
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. (list value)
+#allowed_origin =
-# Whether to permit credential headers on CORS requests.
-# allow_credentials = True
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
-# CORS preflight responses may be cached. This setting allows you to tell the
-# client how many seconds that cache should persist.
-# max_age=3600
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
-# The list of HTTP methods which clients may access. These may be overridden by
-# the software itself.
-# allow_methods=GET,POST,PUT,DELETE,PATCH
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
-# The default list of headers each CORS client may access.
-# allow_headers=X-Custom-Header
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
-# The default list of headers exposed on each CORS request. To allow proper
-# microversion detection, please ensure that the 'X-OpenStack-Ironic-API-Version
-# header is included in this list.
-# expose_headers=X-Custom-Header
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
-[cors.optional]
-# An additional domain from which CORS requests are permitted, which defaults
-# to settings set above.
-# allowed_origin=https://otherhost:443
+[cors.subdomain]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. (list value)
+#allowed_origin =
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
\ No newline at end of file
diff --git a/trove/cmd/api.py b/trove/cmd/api.py
index 2e5a14ad32..60f78c3e58 100755
--- a/trove/cmd/api.py
+++ b/trove/cmd/api.py
@@ -19,7 +19,10 @@ from trove.common import profile
 @with_initialize
 def main(CONF):
+ from trove.common import cfg
 from trove.common import wsgi
+
+ cfg.set_api_config_defaults()
 profile.setup_profiler('api', CONF.host)
 conf_file = CONF.find_file(CONF.api_paste_config)
 workers = CONF.trove_api_workers or processutils.get_worker_count()
diff --git a/trove/common/cfg.py b/trove/common/cfg.py
index 23e5153513..867c9dabe2 100644
--- a/trove/common/cfg.py
+++ b/trove/common/cfg.py
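Review bot: The `cfg.set_api_config_defaults()` call added to `main` in trove/cmd/api.py is now the only place the CORS header and method defaults are registered, because this commit drops the `latent_*` keys from api-paste.ini, yet nothing on the line says it must run before the paste pipeline is built. I would add a comment above the call, `# Register CORS defaults before the paste app is loaded; the cors filter is expected to read them when it is constructed.` Any launcher that loads api-paste.ini without passing through this `main` would presumably fall back to the middleware's own defaults and stop accepting `X-Auth-Token` on cross-origin requests, so it is worth confirming that no such entry point exists. The body of `main` continues past the end of the hunk.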
@@ -20,6 +20,7 @@ import os.path
 from oslo_config import cfg
 from oslo_config.cfg import NoSuchOptError
 from oslo_log import log as logging
+from oslo_middleware import cors
 from osprofiler import opts as profiler
 from trove.version import version_info as version
@@ -1396,3 +1397,28 @@ def get_configuration_property(property_name, manager=None):
 return CONF.get(datastore_manager).get(property_name)
 except NoSuchOptError:
 return CONF.get(property_name)
+
+
+def set_api_config_defaults():
+ """This method updates all configuration default values."""
+
+ # CORS Middleware Defaults
+ # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
+ cfg.set_defaults(cors.CORS_OPTS,
+ allow_headers=['X-Auth-Token',
+ 'X-Identity-Status',
+ 'X-Roles',
+ 'X-Service-Catalog',
+ 'X-User-Id',
+ 'X-Tenant-Id',
+ 'X-OpenStack-Request-ID'],
+ expose_headers=['X-Auth-Token',
+ 'X-Subject-Token',
+ 'X-Service-Token',
+ 'X-OpenStack-Request-ID'],
+ allow_methods=['GET',
+ 'PUT',
+ 'POST',
+ 'DELETE',
+ 'PATCH']
+ )
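Review bot: The `expose_headers` default in `set_api_config_defaults` makes `X-Auth-Token`, `X-Subject-Token` and `X-Service-Token` readable by scripts from every origin an operator lists in `allowed_origin`, and neither the docstring nor a comment says so. I would add above the `cfg.set_defaults` call `# Token-bearing headers are exposed to every configured allowed_origin; keep that list to trusted origins.` The docstring also overstates the scope, since only the CORS options are touched; `"""Set trove's default values for the oslo.middleware CORS options."""` matches the body. Because these are now plain defaults rather than the `latent_*` keys removed from api-paste.ini, an operator who sets `allow_headers` in trove.conf presumably replaces this list instead of extending it, which deserves a line in the release notes.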